Early version of new POS malware family spotted

  • 28 November 2014

This is another new piece of malware under development now, no doubt we will be hearing a bit more of this in the future. I will give you an update if and when I find out more about it.

By PCWorld Staff, Nov 27, 2014

A security researcher came across what appears to be a new family of point-of-sale malware that few antivirus programs were detecting.
Nick Hoffman, a reverse engineer, wrote that the Getmypass malware shares traits that are similar to other so-called RAM scrapers, which collect unencrypted payment card data held in a payment system’s memory.
That type of malware has been responsible for large payment card breaches at Target, Neiman Marcus and others, capitalizing on a common weakness in systems that experts say can be fixed with more robust encryption of card details.
Hoffman wrote that Getmypass appears to still be under development. It does not, for example, yet have a command-and-control functionality, which is a way that hackers use to issue commands to the malware.
 
Full Article
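The article makes two points worth seeing in code: a RAM scraper only works because card numbers sit in process memory as plain digit strings, and encrypting card details at the point of capture removes that target. The following is an added illustration, not code from the PCWorld article or from Hoffman's analysis. It builds a constructed stand-in for a POS transaction buffer, runs the kind of DLP-style scan a defender uses on a memory dump (a digit-run regex plus the Luhn checksum, which filters out non-card digit runs), and then shows that the same scan finds nothing once the PAN is encrypted before it is stored in the buffer. The cipher is a labelled stand-in (an HMAC-SHA256 keystream in counter mode, chosen only so the example runs on the standard library); a real deployment would use an authenticated cipher inside a P2PE or tokenization product.

```python
import hashlib
import hmac
import os
import re

# A run of 13-19 ASCII digits with no digit on either side; the usual
# first-pass pattern for primary account numbers in DLP content scanning.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum. Real PANs pass it; most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(buf):
    """Return the Luhn-valid PAN candidates found in a byte buffer."""
    return [m.group().decode() for m in PAN_RE.finditer(buf)
            if luhn_ok(m.group().decode())]


def _keystream(key, nonce, n):
    # Stand-in PRF keystream (assumption: HMAC-SHA256 in counter mode, not AES).
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt_at_capture(pan, key):
    """Encrypt the PAN immediately after it is read from the card reader."""
    nonce = os.urandom(12)
    ks = _keystream(key, nonce, len(pan))
    return nonce + bytes(a ^ b for a, b in zip(pan, ks))


def decrypt(blob, key):
    """Recover the PAN; in practice this happens only at the payment processor."""
    nonce, ct = blob[:12], blob[12:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def build_buffer(card_field):
    # Constructed sample of what a POS process might hold in memory for one
    # transaction. The PAD value is a Luhn-invalid decoy: a naive digit-run
    # scan would flag it, the Luhn filter drops it.
    return (b"TXN=00042;MERCHANT=DEMO;CARD=" + card_field +
            b";AMT=19.99;PAD=4111111111111112")


if __name__ == "__main__":
    test_pan = b"4111111111111111"          # well-known test card number
    key = os.urandom(32)

    plaintext_buf = build_buffer(test_pan)
    print("plaintext buffer exposes:", find_pans(plaintext_buf))

    encrypted_buf = build_buffer(encrypt_at_capture(test_pan, key))
    print("encrypted buffer exposes:", find_pans(encrypted_buf))
```

The point of the two scans is the difference between them: the first buffer yields the test PAN, the second yields nothing even though the same transaction data is present, because nothing Luhn-valid is left in plaintext for a scraper to harvest.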

1 reply

An update on the earlier post.
 
Adam Greenberg, Reporter  December 01, 2014
 
Trend Micro has identified a new point-of-sale (POS) threat detected as TSPY_POSLOGR.K.
The presence of debug information in the malware, as well as the lack of any identifiable command-and-control capabilities, has led researchers to believe that TSPY_POSLOGR.K is in a beta testing phase, Christopher Budd, global threat communications manager with Trend Micro, told SCMagazine.com in a Monday email correspondence.
“As with all software it's hard to say when a 'beta' is finished and ready for 'production,'” Budd said. “In this case, at least, having the missing command-and-control components are key to it being a piece of production malware.”
 
Full Article
 
